Takeshige Sugimoto

Senior Fellow, Global

headshot takeshige sugimoto

Takeshige (“Take”) Sugimoto is the Managing Director and Partner of S&K Brussels LPC, a Japanese boutique law firm specializing in data protection, privacy laws, and AI regulations in the US, EU, UK, China, and Japan. He is qualified to practice law in Japan and New York State and is a member of the Brussels Bar Association (B-List). He is a Senior Fellow with the Future of Privacy Forum, and also serves as the Director of the Japan DPO Association, which he co-founded.

Take’s data protection practice includes the establishment and review of clients’ global data protection compliance systems; representation and defense in disputes involving global data protection law issues, including but not limited to negotiations with European, UK, US, Chinese and Japanese data protection supervisory authorities. As a Japanese lawyer, he regularly advises various clients on Japan’s Act on the Protection of Personal Information (APPI), taking into account his paralleled ongoing practical experiences with the EU General Data Protection Regulation (GDPR), UK GDPR, US California Consumer Privacy Act (CCPA) / Consumer Privacy Rights Act (CPRA), and China’s Personal Information Protection Law (PIPL).

As a former Brussels resident between 2013 and 2020, he has practiced European data protection laws, i.e., both EU member states’ data protection laws under the EU Data Protection Directive of 1995 and EU GDPR as a member of major law firms’ Brussels Offices. He has successfully represented numerous clients over the years in obtaining European data protection supervisory authorities’ approvals of EU Binding Corporate Rules (BCRs) for Controllers and Processors under the EU GDPR, following each of the European Data Protection Board (EDPB)’s opinions on the respective authorities’ draft approval decisions for those BCRs. Furthermore, he represents clients in their applications for approval of UK BCRs under the UK GDPR to the UK Information Commissioner’s Office (ICO). He has also assisted clients in preparing for UK’s International Data Transfer Agreement, a new data transfer mechanism.

Since the adoption of the US CCPA in 2018, followed by the CCPA Regulation issued by the California Attorney General, Take has advised several major companies on their CCPA compliance projects. He has also assisted clients in updating their CCPA compliance mechanism in line with the CPRA. In addition, he has been closely following legislative activities of US federal privacy bills, including COPRA (Consumer Online Privacy Rights Act), SAFE Data Act, ADPPA (American Data Protection and Privacy Act) in the US Congress, as well as US Federal Trade Commission (FTC)’s rulemaking efforts on privacy and data security.

Take has assisted a number of clients in complying with China’s data-related laws, including the PIPL, Data Security Law, and Cybersecurity Law. His ongoing work includes helping clients carry out personal information protection impact assessment under the PIPL, preparing PIPL-compliant consent forms, personal information entrustment addendums, data transfer agreements (SCCs), guidance on data protection management systems, internal security rules, privacy policies, data subject rights request manuals, personal information breach response manuals, and handling large data mapping projects in bilingual languages in collaboration with major Chinese law firms.

Outside of direct dealings with clients, Take has also been invited as a speaker at various data protection-related events organized by data protection supervisory authorities. In October 2021, he was invited to speak at the “Global Privacy Assembly 2021 Mexico,” in which he participated as a panelist in “Panel IV: The Challenge of Compliance: The Perspective of Data Protection Officers.”

Take received an LL.B. degree from Keio University, Faculty of Law in 2004; an LL.M. degree from the University of Chicago Law School in 2012; and an MJur degree from the University of Oxford, Faculty of Law (Pembroke College) in 2013.